Notifications & Alerting

Gatwy includes a no-code notification rule engine that triggers alerts on any audit event.

Notification Channels

Configure channels under Settings → Notifications → Channels:

Channel	What you need
Email (SMTP)	SMTP host, port, credentials, sender address
Telegram	Bot token + chat ID
Slack	Incoming webhook URL
Webhook	Any HTTP endpoint (JSON payload)

Creating Rules

Rules are configured under Settings → Notifications → Rules.

Each rule has:

1. Trigger events — multi-select from any audit event type
2. Conditions — AND/OR logic filtering by user, IP, target host, or other fields
3. Recipients — Gatwy users, roles, or custom addresses / endpoints
4. Cadence throttling — limit alert frequency to avoid fatigue

Trigger Events

Any audit event can trigger a notification, including:

Event Category	Examples
Session events	Session started, session ended, connection failed
Authentication	User login, login failed, brute-force lockout
IP access	IP allowlist/denylist rule matched and blocked
Configuration	Connection added/edited/deleted, RBAC changes
Notification rules	Rule created, channel changed (field-level diff logged)

Recipients

• Gatwy users — send email directly to users defined in Gatwy
• Roles — send to all members of a role
• Custom addresses — any email address or webhook URL
• Warns if a selected user has no email address configured

Delivery History

Settings → Notifications → History shows:

• Every notification sent, with delivery status (delivered / failed)
• Retry support for failed deliveries
• Configurable retention (default 90 days)
• Manual delete

Message Templates

Default templates include emoji severity indicators and Gatwy branding. Templates are fully customizable per channel.

Example variables available in templates:

Variable	Description
{{user}}	Username who triggered the event
{{ip}}	Source IP address
{{event}}	Event type
{{timestamp}}	ISO 8601 timestamp
{{target}}	Connection target host